Wednesday, May 11, 2016

Chatham House Cyber Policy Journal launch

I had the privilege of attending the launch of the Journal of Cyber Policy at Chatham House on Monday this week. The keynote speech was given by my old friend, John Naughton, an inveterate storyteller who, as usual, entertained and informed in equal measure.

What follows are some notes I made on the talk.

One of John's favorite books is a volume of Leonard Woolf's autobiography, The journey not the arrival matters. Yet in the case of the internet, he suspects, the reverse is the case - it's the arrival that's important.

In 1999 CEO of Intel, Craig Barrett, suggested that any company that wasn't an internet company within 5 years would not be a company at all. Most mainstream commentators dismissed him as nuts. He wasn't saying every organisation wanted to get into direct competition with the big tech companies but that the network itself was on the way to becoming a utility, a general purpose technology (GTP). We have focused as a society, says John, too much on the information goods and too little on the GTP.

Arthur C. Clarke's 3rd law is that any sufficiently advanced technology is indistinguishable from magic. The internet is the first significant, magic, advanced technology that humans have built that humans don't understand. [When I mentioned this insight to a young colleague here at the Open University earlier, it was one of those light bulb moments - his face lit up and he couldn't believe he hadn't realised this before.]

Think about that for a minute. The internet is a pervasive utility upon which we are hugely dependent but barely understand.

GTPs drastically affect society and often require the wholesale reconstruction of infrastructure, economic, social and cultural norms. Think steam, electricity, the railroads, the automobile. Our society is only at the very beginning of our transformation brought about by the Net. Despite being over half a century old - if we date it back to the packet switching ideas of Paul Baran and Donald Davies, in the 1960s - we have not yet figured out the significance of the internet.

We exist in a state of informed bewilderment, drowning in information and still not understanding. Digital technologies are completely incomprehensible to ordinary mortals. When it came to steam people didn't have to understand Boyle's law to understand steam engines worked. Coal burns. It makes high pressure steam. The steam pushes pistons up and down. The pistons are connected to rods that are connected to wheels that turn. The analogue industrial machine works and we can see how. Digital technologies are orders of magnitude more complex and their workings invisible to the naked eye.

Digital technologies come with key affordances -

zero marginal costs

powerful network effects

permissionless innovation

the dominance of power law distributions

technological lock-in

black box workings

complexity

lack of security

material processed not as physical goods but in information, the lifeblood of democracy and social life

The internet, most notably, is a global machine for springing surprises. Some good - the world wide web, voice over internet protocol (which Skype sits on). Some not so good - mass surveillance, information warfare, malware. Some disruptive in other ways - e.g. the impact on the music industry and the challenge of developing laws fit for the information age.

We as a society have been so dazzled by the technology, so sucked in by the true believers in technological determinism in Silicon Valley, that we rarely, if ever, stop to think about it or question the technological architecture of the world in which we live. Passive acceptance is the order of the day - we like free, convenient services and companies like to get big fast, to harness network effects. Yet technology is only one of many factors that drive our history and that technology exists in a social, economic, cultural and political context.

Only latterly (the past couple of decades) has the network being taken over by dominant corporate economic actors. The rather large elephant in the room is that the Net was mostly created by US organisations, military, civilian and corporate - publicly and privately funded. US stewardship of the Net was largely benign in its early history. [For a terrific account of the characters, the technology and the story I recommend John's first book, A Brief History of the Future: The Origins of the Internet. For anyone without easy access to a library or the funds to get themselves a copy, I have half a dozen paperback copies of the book on the shelves in my Open University office which I'm happy to dispatch to good homes. Just drop me an email]

There are a number of ingredients that make it hard for many people to understand the internet, its underlying technologies and its significance.

Firstly, we have a tendency to view our modern world with the 20/20 vision of hindsight - technology evolved step by step, one great idea to the next and it had to be this way. We perceive a smooth path to the current reality and neglect developments that could have and possibly even should have happened.

Packet switching - the fundamental technology of the Net developed independently by Paul Baran and Donald Davies on opposite sides of the pond in the 1960s - seems obvious, with hindsight. Yet Baran had to abandon his original designs in the face of vehement opposition, not least from the incumbent US telecommunications monopoly, AT&T.

[AT&T executive, Jack Osterman said at the time: "First it can't possibly work, and if it did, damned if we are going to allow the creation of a competitor to ourselves." Baran's employer, the RAND Corporation believed in the ideas enough to try and encourage the US Air Force to build and test a prototype network. The Air Force were really enthusiastic but the whole thing got strangled in military and Washingon DC bureaucracy and politics. In the public-private sector revolving door that is DC politics, the crew that would have been tasked with the project included ex AT&T employees. They just did not understand the technologies and would not have been up to the job. So Baran reluctantly dropped the project knowing it was bound to fail in those circumstances and with those with a vested interest in ensuring it failed running the project. All completely crazy but a nice indicator that meritorious technology will not necessarily emerge without the right support and conditions in so many contexts]

So there is nothing inevitable about the shape and form of the internet we have today. It has been designed, built and evolved that way by technical decisions, relative power dynamics, chance, legal, economic, social, cultural and environmental factors.

The fact that surveillance capitalism has become the dominant business model of the Net was not inevitable - it could not have happened without user consent - e.g. our addiction to "free" services and convenience - and the legal and regulatory and economic forces not just facilitating but actively encouraging such a state, ironically through passively allowing the surveillance capitalists to act without public interest shaped restraints or controls.

The second ingredient making it difficult for us to get a handle on the internet is the Net's (or humanity on the Net's) pathological obsession with the last 5 minutes - the short (some would say minuscule) term perspective of most of the public debate about it - or as John described it, the sociology of the last 5 minutes. Seismic shifts go largely unnoticed as the mass media indulge in feeding frenzies over new new things.

So when Craigslist - a free localised advertising service - launched the newspaper industry were blissfully unaware of the threat it posed to their business for a long time. The value chain of newspapers matched loss making journalism with profit making advertising. The net dissolved this and Craigslist was the early warning.

If the peace of God surpasses all understanding, as it says in the bible, so too - an accute manifestation of the sociology of the last five minutes - did the valuation of internet companies in the dot-com boom. The core business model was to collect as many consumers as possible, with a view to harnessing the network effects - get big enough and the revenues would flow. Companies would get wildly inflated stock market valuations just by adding an"e-" prefix or ".com" to the end of their names. Less than half of these outfits survived the dot-com crash.

But during this period the communications infrastructure to sustain the modern internet developed apace. In the California gold rush, it largely wasn't the miners that made their fortunes but the guys that sold them pickaxes and shovels. The fibre optic networks built in the thick of the dot-com hype - though some of these network builders survived and some didn't - became the physical infrastructure we still rely on today. Unnoticed, unworthy of frenzied media and speculator hype, it nevertheless was the significant development of the dot-com era. A ubiquitous public utility. A GTP. Enterprises unthinkable before this GPT - Uber, Facebook etc - became unremarkable after it.

There John concluded before a lively Q&A, chaired ably by the Journal of Cyber Policy's editor, Emily Taylor. She opened the questions with one of her own - given the state of surveillance capitalism, extractive corporations and personal data being treated as the new oil, is there any end in sight? Will people get fed up and push back?

John was not encouraged that there is sufficient public interest in such a push back yet to think it likely. The problem, as he said, is that a large chunk of our fellow human beings seem to think ubiquitous surveillance is an acceptable state of affairs. Mass surveillance seems here to stay with who knows what long term consequences for privacy and human rights more generally.

There followed a question on the balkanisation or fragmentation of the Net which the questioner suggested might facilitate localised innovation. John thought that an interesting perspective though it flew in the face of prevailing wisdom about network effects. There was always likely to be pressures driving in the direction of fragmentation but a few years ago he'd have bet against it. Now, post Snowden revelations he considers balkanisation a racing certainty. The questioner came back suggesting that wasn't necessarily a catastrophe, was it? John felt it was.

Next came a question from someone working on machine learning project at the Royal Society and the revelation of Google's DeepMind access to NHS patient data (1.6 million people's records). Is this a sign there will be more social innovation?

John's response raised the biggest (of many) laughs of the evening. Big data, he hypothesised, was like the Justin Bieber of the intellectual world. It's falsely believed if you collect enough data you can understand anything but big data has a crippled epistemology and too often correlation patterns in the data are interpreted as identifying causation. So in 2008 Google published a paper in Nature claiming success at predicting flu outbreaks substantially earlier than medical experts at centres for disease control. 2 years later they failed to repeat that success. Why? John figures you don't need to be a genius to realise that Google knows nothing about flu. It is not where there expertise lies and correlation does not prove causation.

Next came a question about the French Minetel service, a popular but limited online pre world wide web service accessed via the telephone network.

John was happy to talk about Minitel which in his opinion may have slowed the public engagement with the internet in France for a time. But more importantly it gave him the opportunity to articulate two wonderfully wise ideas embedded deep in the architecture of the internet by the original architects [of which I'm sure John would credit Baran and Davies already mentioned but also Vanevaar Bush, Claude Shannon, JCR Lickider, Bob Taylor, Charles Herzfeld, Larry Roberts, Leonard Kleinrock, bob Kahn and Vint Cerf, Jon Postel, David Clark amongst others] -

Firstly that the [original] network was designed in a way that no one entity could control

Secondly that [original] network had to be future proof i.e. it was not optimised for any particular need (e.g. telephony) and would be agnostic as to what it was being used for

The network would be dumb and the intelligence reside in the devices at the ends, something that became known later as the end to end principle, articulated in Saltzer, Clark and Reed's seminal paper in the early 1980s. The network took in data packets and did the best it could to deliver those packets to the destination address on the label. It did not care what was in the packets as long as they complied with TCP/IP protocols. The result was that if you could do something with data packets you could use the Net and didn't need anyone's permission, unlike the situation Paul Baran found himself in when AT&T opposed his innovative networking ideas. We had reached an era of permissionless digital innovation.

So in 1989 a scientist at CERN, Tim Berners Lee came up with an idea for sharing documents based on earlier ideas of Vanevaar Bush before World War II. Berners Lee convinced his boss to give him a budget and in the space of a year had created the world wide web on the internet, arguably the biggest transformation in communications since the Gutenberg printing press. Some people now even think the world wide web is the internet. (More depressingly, many seem to think Facebook is the internet).

The Net is no longer a sandpit for permissionless innovation. Now what's built is done in silos and walled gardens and no one can build anything on Facebook. The blockchain is a very interesting development which may prove disruptive but surveillance [and enclosure] capitalism has a powerful foothold.

Inevitably someone raised the internet of things which John described as a runaway train, mostly run by people who don't know what they are doing. They certainly have no understanding of security. A Cabinet office report, co-authored by the government's chief technology officer, warned, some years ago, that there were serious security flaws in their muli-billion pound plan to get smart meters installed nationwide. Just one of the problems was that every smart meter used the same encryption key - a single point of failure - and GCHQ reportedly "intervened" recently to help out with the security issues.

How can we improve the security situation around the internet of things?

John: Legal liability would help. [That raised the second biggest laugh of the evening]. Seriously though, if Ford make something dangerous they can be held liable under consumer protection, contract, health and safety laws. Software companies are rarely held liable for holes in their software and they have being protecting themselves from liability by end user licences agreements that are an affront to unfair contract terms regulations, health & safety and human rights for generations. But somehow because they are high tech companies it it an accepted state of affairs. The imposition of liability may also inhibit innovation, so it is a complex calculus but we're a long way from a satisfactory socially beneficial and stable state of affairs on this.

Final question: you seem to be a pessimist. Don't you think the 50% of humanity not yet on the internet will benefit from it.

John: Yes and the main agency for that will be smart phones. As to being a pessimist, he is sometimes accused of that but he doesn't see himself as such. The world is as it is but we have to be better at understanding and shaping it and its technologies in the public interest. He closed with his own version of Kranzberg's first law - technology is neither good nor bad but it sure as hell is not neutral.